Comcast Hacked: Comcast confirms hackers stole data of about 36 million Xfinity customers in a massive security breach
Comcast confirmed on Monday that the sensitive information of nearly 36 million Xfinity customers was accessed and compromised in a major data breach caused by hackers exploiting a critical security vulnerability in its systems.
The breach occurred in October 2023 when hackers targeted a security flaw in Citrix networking devices used by Comcast. This vulnerability, known as “CitrixBleed,” has been actively exploited by hackers since late August, affecting Citrix networking devices commonly used by major corporations.
Although Citrix released patches in early October, several organizations, including Comcast, did not implement the fixes in time. Noteworthy victims of the CitrixBleed vulnerability include aerospace giant Boeing, the Industrial and Commercial Bank of China, and international law firm Allen & Overy.
In this incident, Xfinity, Comcast’s cable television and internet division, fell victim to the CitrixBleed exploit, as confirmed by the company in a notice to its customers. The hackers, leveraging the vulnerability, gained access to Xfinity’s internal systems between October 16 and October 19. However, Comcast only detected the “malicious activity” on October 25.
Comcast said it took prompt action by notifying federal law enforcement and launching an investigation to understand the nature and extent of the incident. However, on November 16, Xfinity found that hackers likely obtained some information.
Following a thorough review of the affected systems and data, Xfinity, on December 6, 2023, concluded that the compromised customer information included usernames and encrypted passwords. The hashing method used for the passwords remains unclear, which matters because weaker algorithms may be susceptible to cracking.
Comcast said that an unspecified number of customers may have had additional information exposed, including names, contact information, dates of birth, the last four digits of Social Security numbers, and secret questions and answers. The data analysis, which aims to uncover any further insights, is still ongoing.
In a notice to customers on Monday, Comcast said:
“On October 10, 2023, Citrix announced a vulnerability in software used by Xfinity and thousands of other companies worldwide. Citrix issued additional mitigation guidance on October 23, 2023. Xfinity promptly patched and mitigated the Citrix vulnerability within its systems. However, during a routine cybersecurity exercise on October 25, Xfinity discovered suspicious activity and subsequently determined that between October 16 and October 19, 2023, there was unauthorized access to its internal systems that was concluded to be a result of this vulnerability.”
Xfinity is urging customers to reset their passwords as a protective measure for affected accounts. Additionally, Xfinity highly recommends enabling two-factor or multi-factor authentication, a security feature that many Xfinity customers already utilize.
While advising against reusing passwords across various accounts, the company suggests changing passwords for other accounts that share the same username, password, or security question as the compromised Xfinity account.
While the notice does not specify the number of affected customers, Comcast, in a filing with Maine’s attorney general, confirmed that almost 35.8 million customers are impacted by the breach. Given that Comcast has over 32 million broadband customers according to its latest earnings report, it is likely that most, if not all, Xfinity customers are affected.
As of now, it is unclear whether the hackers made a ransom demand, the extent of the impact on Comcast’s operations, or if the incident has been reported to the U.S. Securities and Exchange Commission in compliance with the regulator’s data breach reporting rules. Comcast’s spokesperson did not provide this information.
According to Comcast spokesperson Joel Shadle, there is no evidence of customer data being leaked or attacks on customers. However, Xfinity is taking precautionary measures, requiring customers to reset their passwords and recommending the use of two-factor or multi-factor authentication, although such authentication is not mandatory by default for all customer accounts. The situation continues to evolve, and Comcast assures ongoing data analysis, promising additional notifications as necessary.